Password Safe API integration written in Python, Abstract complexity of managing secrets with the API.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for BeyondTrust from gravatar.com BeyondTrust

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT License)
  • Author: BeyondTrust Corporation
  • Tags beyondtrust , devops , secrets , secretssafe , security
  • Requires: Python >=3.11
Classifiers
Report project as malware

Project description

Password Safe API integration

License

Password Safe API integration written in Python, Abstract complexity of managing secrets with the API

Python version compatibility

This library is compatible with Python >= v3.11.

Install Package

# PyPI
pip install beyondtrust-bips-library

Arguments

Retrieve Secrets

  • api_url:
    • description: BeyondTrust Password Safe API URL.
    • type: string
    • required: True
  • api_key:
    • description: The API Key configured in BeyondInsight for your application. If not set, then client credentials must be provided.
    • type: string
    • required: False
  • client_id:
    • description: API OAuth Client ID.
    • type: string
    • required: True
  • client_secret:
    • description: API OAuth Client Secret.
    • type: string
    • required: True
  • secret_list:
    • description: List of secrets ["path/title","path/title"] or managed accounts ["ms/ma","ms/ma"] to be retrieved, separated by a comma.
    • type: list
    • required: True
  • certificate_path:
    • description: Password Safe API pfx Certificate Path. For use when authenticating using a Client Certificate.
    • type: string
    • required: False
  • certificate_password:
    • description: Password Safe API pfx Certificate Password. For use when authenticating using a Client Certificate.
    • type: string
    • required: False
  • verify_ca:
    • description: Indicates whether to verify the certificate authority on the Secrets Safe instance.
    • type: boolean
    • default: True
    • required: False

Methods

  • get_secrets(self, paths)
    • Invoked for Managed Account or Secrets Safe secrets.
    • Returns a list of secrets in the requested order.
  • get_secret(self, path)
    • Invoked for Managed Account or Secrets Safe secrets.
    • Returns the requested secret.

Example of usage

We strongly recommend you to use a virtual environment and install dependences from requirements.txt file.

Import secrets_safe_library

pip install -r ~/requirements.txt

By default urllib3 logs are not shown, If need to show them:

export URLLIB3_PROPAGATE=True

script example using library:

import  os
import  logging
from  secrets_safe_library  import  secrets_safe, authentication, utils, managed_account
import requests
from retry_requests import retry

env  =  os.environ
LOGGER_NAME  =  "custom_logger"

logging.basicConfig(format  =  '%(asctime)-5s  %(name)-15s  %(levelname)-8s  %(message)s',

level  =  logging.DEBUG)

# logger object is optional but is strongly recommended
logger  =  logging.getLogger(LOGGER_NAME)

TIMEOUT_CONNECTION_SECONDS = 30
TIMEOUT_REQUEST_SECONDS = 30

CERTIFICATE = env['CERTIFICATE']
CERTIFICATE_KEY = env['CERTIFICATE_KEY']

def  main():
    try:
        with requests.Session() as session:
            req = retry(session, retries=3, backoff_factor=0.2, status_to_retry=(400,408,500,502,503,504))
            
            certificate, certificate_key = utils.prepare_certificate_info(CERTIFICATE, CERTIFICATE_KEY)
            
            authentication_obj = authentication.Authentication(
                req,
                TIMEOUT_CONNECTION_SECONDS,
                TIMEOUT_REQUEST_SECONDS,
                "https://example.com:443/BeyondTrust/api/public/v3",
                "<client_id>",
                "<client_secret>",
                certificate,
                certificate_key,
                True,
                None)

            # sign app in password safe API
            get_api_access_response  =  authentication_obj.get_api_access()

            if  get_api_access_response.status_code ==  200:
                # instantiate secrets safe object
                secrets_safe_obj  =  secrets_safe.SecretsSafe(authentication_obj, logger)

                get_secrets_response  =  secrets_safe_obj.get_secrets(["oagrp/text,oagrp/credential"])
                utils.print_log(logger, f"=> Retrive secrets: {get_secrets_response}", logging.DEBUG)
            else:
                print(f"Please check credentials, error {get_api_access_response.text}")
            
            authentication_obj.sign_app_out()

    except  Exception  as  e:
        utils.print_log(logger, f"Error: {e}", logging.ERROR)

# calling main method
main()

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for BeyondTrust from gravatar.com BeyondTrust

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT License)
  • Author: BeyondTrust Corporation
  • Tags beyondtrust , devops , secrets , secretssafe , security
  • Requires: Python >=3.11
Classifiers

Release history Release notifications | RSS feed

2.20.0

2.19.0

2.18.0

2.17.0

2.16.0

2.15.0

2.14.0

2.13.0

2.12.0

2.11.1

2.11.0

2.10.0

2.9.1

2.9.0

2.8.1

2.8.0

2.7.0

2.6.0

2.5.0

2.4.0

2.3.0

2.2.0

2.1.0

2.0.2

2.0.1

2.0.0

1.50.1

1.50.0

1.49.0

1.48.0

1.47.0

1.46.0

1.45.0

1.44.0

1.43.0

1.42.0

1.41.0

1.40.0

1.39.0

1.38.0

1.37.0

1.36.0

1.35.0

1.34.0

1.33.0

1.32.1

1.32.0

1.31.0

1.30.1

1.30.0

This version

1.29.0

1.28.0

1.27.0

1.26.1

1.26.0

1.25.2

1.25.1

1.24.0

1.23.0

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.1

1.17.0

1.16.0

1.15.0

1.14.0

1.13.0

1.12.0

1.11.0

1.10.0

1.9.0

1.8.0

1.7.0

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.3.377

1.0.3

1.0.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

beyondtrust_bips_library-1.29.0.tar.gz (50.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

beyondtrust_bips_library-1.29.0-py3-none-any.whl (84.8 kB view details)

Uploaded Python 3

File details

Details for the file beyondtrust_bips_library-1.29.0.tar.gz.

File metadata

File hashes

Hashes for beyondtrust_bips_library-1.29.0.tar.gz
Algorithm Hash digest
SHA256 1e7bb07be6708cef7f5a562679d570c3bbfcc6d45ceff604a12864dbc5584258
MD5 1c9954d769e9186331c8acee9b0d436b
BLAKE2b-256 89f1d44ddf2c46bf5f0b3663c879e3a9be9d3ae4e43286974b6a479caf8077ea

See more details on using hashes here.

Provenance

The following attestation bundles were made for beyondtrust_bips_library-1.29.0.tar.gz:

Publisher: release.yml on BeyondTrust/ps-integration-library

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file beyondtrust_bips_library-1.29.0-py3-none-any.whl.

File metadata

File hashes

Hashes for beyondtrust_bips_library-1.29.0-py3-none-any.whl
Algorithm Hash digest
SHA256 76e510022c76834a49a77a6aaf280b7f5126189205670f995e2f3b3fe2cc36f5
MD5 f543c95b5ef00d216672a08b59e15eb3
BLAKE2b-256 f3d91d161e1f33563b42a1d9f6cbbfe06bb0785de691f0f2c6ea39aa682a8001

See more details on using hashes here.

Provenance

The following attestation bundles were made for beyondtrust_bips_library-1.29.0-py3-none-any.whl:

Publisher: release.yml on BeyondTrust/ps-integration-library

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page